Filtered by vendor Ibm
Subscriptions
Filtered by product Db2
Subscriptions
Total
273 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-4692 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | ||||
CVE-2008-4691 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors. | ||||
CVE-2008-3959 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. | ||||
CVE-2008-3958 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959. | ||||
CVE-2008-2154 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | ||||
CVE-2008-1998 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-11-21 | N/A |
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter. | ||||
CVE-2008-1997 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699. | ||||
CVE-2008-1966 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar. | ||||
CVE-2008-0699 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors. | ||||
CVE-2008-0698 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access." | ||||
CVE-2008-0697 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors. | ||||
CVE-2008-0696 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors. | ||||
CVE-2007-5652 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related. | ||||
CVE-2007-5090 | 2 Ibm, Microsoft | 3 Db2, Rational Clearquest, Sql Server | 2024-11-21 | N/A |
Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors. | ||||
CVE-2007-3676 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698. | ||||
CVE-2007-2582 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow." | ||||
CVE-2007-1228 | 2 Ibm, Unix | 2 Db2, Unix | 2024-11-21 | N/A |
IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. | ||||
CVE-2007-1088 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. | ||||
CVE-2007-1087 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. | ||||
CVE-2007-1027 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. |